This is the story about when Mohammed Aldoub, AKA Voulnet, (twitter.com/Voulnet) found a vulnerability on VirusTotal and tweeted about it.

Sponsors

Support for this podcast comes from Cybereason. Cybereason reverses the attacker’s advantage and puts the power back in the defender’s hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet.

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Sources

https://www.cyberscoop.com/story/trial-error-kuwait-mohammed-aldoub-case/

A few years back, I used to play this really stupid mobile game.
I don't even remember what it was called.
You had a party of fighters and you leveled them up or something.
But the thing was, in the game, there was an online chat option, and at any moment, you could look at the people chatting to see what they're talking about in the game.
Well, if you've played any game that has online chat options, you know how toxic it can be.
And this place was no exception.
People were selling in-game gold.
That wasn't even possible.
It was just all scams because there was no way to send gold to anyone in the game.
And there was just some real vile hatred spewed all over the place.
The thing is, the people that did this felt like they could just hide behind their username that they created a minute ago, because the worst-case scenario is that they just might get banned from the game.
But I was a network security engineer, and I wanted to see if there was a way to learn more about the people that were saying rude stuff in chat.
So I started a packet capture on my phone.
All network traffic coming in and out of the phone was captured.
And then I started looking through it.
It wasn't easy.
It's like looking for a needle in a haystack.
But eventually, I found what the packets looked like when they sent chat messages to me.
And it was not encrypted, which made it easy to crack the packet open and see exactly what was in those messages.
And amazingly enough, the network traffic showed a lot more information about that user who was chatting than what was shown in game.